npm - @lobu/gateway - Versions diffs - 3.0.8 → 3.0.12 - Mend

@lobu/gateway 3.0.8 → 3.0.12

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (219) hide show

package/dist/api/platform.d.ts.map +1 -1
package/dist/api/platform.js +8 -26
package/dist/api/platform.js.map +1 -1
package/dist/auth/mcp/proxy.d.ts +14 -0
package/dist/auth/mcp/proxy.d.ts.map +1 -1
package/dist/auth/mcp/proxy.js +149 -13
package/dist/auth/mcp/proxy.js.map +1 -1
package/dist/cli/gateway.d.ts.map +1 -1
package/dist/cli/gateway.js +29 -0
package/dist/cli/gateway.js.map +1 -1
package/dist/cli/index.js +2 -2
package/dist/cli/index.js.map +1 -1
package/dist/connections/chat-instance-manager.d.ts.map +1 -1
package/dist/connections/chat-instance-manager.js +2 -1
package/dist/connections/chat-instance-manager.js.map +1 -1
package/dist/connections/interaction-bridge.d.ts +9 -2
package/dist/connections/interaction-bridge.d.ts.map +1 -1
package/dist/connections/interaction-bridge.js +132 -230
package/dist/connections/interaction-bridge.js.map +1 -1
package/dist/connections/message-handler-bridge.d.ts.map +1 -1
package/dist/connections/message-handler-bridge.js +44 -26
package/dist/connections/message-handler-bridge.js.map +1 -1
package/dist/interactions.d.ts +9 -43
package/dist/interactions.d.ts.map +1 -1
package/dist/interactions.js +10 -52
package/dist/interactions.js.map +1 -1
package/dist/orchestration/base-deployment-manager.js +7 -7
package/dist/orchestration/base-deployment-manager.js.map +1 -1
package/dist/platform/unified-thread-consumer.d.ts.map +1 -1
package/dist/platform/unified-thread-consumer.js +38 -34
package/dist/platform/unified-thread-consumer.js.map +1 -1
package/dist/routes/public/agent.d.ts +4 -0
package/dist/routes/public/agent.d.ts.map +1 -1
package/dist/routes/public/agent.js +21 -0
package/dist/routes/public/agent.js.map +1 -1
package/dist/services/core-services.d.ts.map +1 -1
package/dist/services/core-services.js +4 -0
package/dist/services/core-services.js.map +1 -1
package/package.json +2 -2
package/src/__tests__/agent-config-routes.test.ts +0 -254
package/src/__tests__/agent-history-routes.test.ts +0 -72
package/src/__tests__/agent-routes.test.ts +0 -68
package/src/__tests__/agent-schedules-routes.test.ts +0 -59
package/src/__tests__/agent-settings-store.test.ts +0 -323
package/src/__tests__/bedrock-model-catalog.test.ts +0 -40
package/src/__tests__/bedrock-openai-service.test.ts +0 -157
package/src/__tests__/bedrock-provider-module.test.ts +0 -56
package/src/__tests__/chat-instance-manager-slack.test.ts +0 -204
package/src/__tests__/chat-response-bridge.test.ts +0 -131
package/src/__tests__/config-memory-plugins.test.ts +0 -92
package/src/__tests__/config-request-store.test.ts +0 -127
package/src/__tests__/connection-routes.test.ts +0 -144
package/src/__tests__/core-services-store-selection.test.ts +0 -92
package/src/__tests__/docker-deployment.test.ts +0 -1211
package/src/__tests__/embedded-deployment.test.ts +0 -342
package/src/__tests__/grant-store.test.ts +0 -148
package/src/__tests__/http-proxy.test.ts +0 -281
package/src/__tests__/instruction-service.test.ts +0 -37
package/src/__tests__/link-buttons.test.ts +0 -112
package/src/__tests__/lobu.test.ts +0 -32
package/src/__tests__/mcp-config-service.test.ts +0 -347
package/src/__tests__/mcp-proxy.test.ts +0 -694
package/src/__tests__/message-handler-bridge.test.ts +0 -17
package/src/__tests__/model-selection.test.ts +0 -172
package/src/__tests__/oauth-templates.test.ts +0 -39
package/src/__tests__/platform-adapter-slack-send.test.ts +0 -114
package/src/__tests__/platform-helpers-model-resolution.test.ts +0 -253
package/src/__tests__/provider-inheritance.test.ts +0 -212
package/src/__tests__/routes/cli-auth.test.ts +0 -337
package/src/__tests__/routes/interactions.test.ts +0 -121
package/src/__tests__/secret-proxy.test.ts +0 -85
package/src/__tests__/session-manager.test.ts +0 -572
package/src/__tests__/setup.ts +0 -133
package/src/__tests__/skill-and-mcp-registry.test.ts +0 -203
package/src/__tests__/slack-routes.test.ts +0 -161
package/src/__tests__/system-config-resolver.test.ts +0 -75
package/src/__tests__/system-message-limiter.test.ts +0 -89
package/src/__tests__/system-skills-service.test.ts +0 -362
package/src/__tests__/transcription-service.test.ts +0 -222
package/src/__tests__/utils/rate-limiter.test.ts +0 -102
package/src/__tests__/worker-connection-manager.test.ts +0 -497
package/src/__tests__/worker-job-router.test.ts +0 -722
package/src/api/index.ts +0 -1
package/src/api/platform.ts +0 -292
package/src/api/response-renderer.ts +0 -157
package/src/auth/agent-metadata-store.ts +0 -168
package/src/auth/api-auth-middleware.ts +0 -69
package/src/auth/api-key-provider-module.ts +0 -213
package/src/auth/base-provider-module.ts +0 -201
package/src/auth/bedrock/provider-module.ts +0 -110
package/src/auth/chatgpt/chatgpt-oauth-module.ts +0 -185
package/src/auth/chatgpt/device-code-client.ts +0 -218
package/src/auth/chatgpt/index.ts +0 -1
package/src/auth/claude/oauth-module.ts +0 -280
package/src/auth/cli/token-service.ts +0 -249
package/src/auth/external/client.ts +0 -560
package/src/auth/external/device-code-client.ts +0 -235
package/src/auth/mcp/config-service.ts +0 -420
package/src/auth/mcp/proxy.ts +0 -1086
package/src/auth/mcp/string-substitution.ts +0 -17
package/src/auth/mcp/tool-cache.ts +0 -90
package/src/auth/oauth/base-client.ts +0 -267
package/src/auth/oauth/client.ts +0 -153
package/src/auth/oauth/credentials.ts +0 -7
package/src/auth/oauth/providers.ts +0 -69
package/src/auth/oauth/state-store.ts +0 -150
package/src/auth/oauth-templates.ts +0 -179
package/src/auth/provider-catalog.ts +0 -220
package/src/auth/provider-model-options.ts +0 -41
package/src/auth/settings/agent-settings-store.ts +0 -565
package/src/auth/settings/auth-profiles-manager.ts +0 -216
package/src/auth/settings/index.ts +0 -12
package/src/auth/settings/model-preference-store.ts +0 -52
package/src/auth/settings/model-selection.ts +0 -135
package/src/auth/settings/resolved-settings-view.ts +0 -298
package/src/auth/settings/template-utils.ts +0 -44
package/src/auth/settings/token-service.ts +0 -88
package/src/auth/system-env-store.ts +0 -98
package/src/auth/user-agents-store.ts +0 -68
package/src/channels/binding-service.ts +0 -214
package/src/channels/index.ts +0 -4
package/src/cli/gateway.ts +0 -1312
package/src/cli/index.ts +0 -74
package/src/commands/built-in-commands.ts +0 -80
package/src/commands/command-dispatcher.ts +0 -94
package/src/commands/command-reply-adapters.ts +0 -27
package/src/config/file-loader.ts +0 -618
package/src/config/index.ts +0 -588
package/src/config/network-allowlist.ts +0 -71
package/src/connections/chat-instance-manager.ts +0 -1284
package/src/connections/chat-response-bridge.ts +0 -618
package/src/connections/index.ts +0 -7
package/src/connections/interaction-bridge.ts +0 -831
package/src/connections/message-handler-bridge.ts +0 -415
package/src/connections/platform-auth-methods.ts +0 -15
package/src/connections/types.ts +0 -84
package/src/gateway/connection-manager.ts +0 -291
package/src/gateway/index.ts +0 -698
package/src/gateway/job-router.ts +0 -201
package/src/gateway-main.ts +0 -200
package/src/index.ts +0 -41
package/src/infrastructure/queue/index.ts +0 -12
package/src/infrastructure/queue/queue-producer.ts +0 -148
package/src/infrastructure/queue/redis-queue.ts +0 -361
package/src/infrastructure/queue/types.ts +0 -133
package/src/infrastructure/redis/system-message-limiter.ts +0 -94
package/src/interactions/config-request-store.ts +0 -198
package/src/interactions.ts +0 -363
package/src/lobu.ts +0 -311
package/src/metrics/prometheus.ts +0 -159
package/src/modules/module-system.ts +0 -179
package/src/orchestration/base-deployment-manager.ts +0 -900
package/src/orchestration/deployment-utils.ts +0 -98
package/src/orchestration/impl/docker-deployment.ts +0 -620
package/src/orchestration/impl/embedded-deployment.ts +0 -268
package/src/orchestration/impl/index.ts +0 -8
package/src/orchestration/impl/k8s/deployment.ts +0 -1061
package/src/orchestration/impl/k8s/helpers.ts +0 -610
package/src/orchestration/impl/k8s/index.ts +0 -1
package/src/orchestration/index.ts +0 -333
package/src/orchestration/message-consumer.ts +0 -584
package/src/orchestration/scheduled-wakeup.ts +0 -704
package/src/permissions/approval-policy.ts +0 -36
package/src/permissions/grant-store.ts +0 -219
package/src/platform/file-handler.ts +0 -66
package/src/platform/link-buttons.ts +0 -57
package/src/platform/renderer-utils.ts +0 -44
package/src/platform/response-renderer.ts +0 -84
package/src/platform/unified-thread-consumer.ts +0 -187
package/src/platform.ts +0 -318
package/src/proxy/http-proxy.ts +0 -752
package/src/proxy/proxy-manager.ts +0 -81
package/src/proxy/secret-proxy.ts +0 -402
package/src/proxy/token-refresh-job.ts +0 -143
package/src/routes/internal/audio.ts +0 -141
package/src/routes/internal/device-auth.ts +0 -652
package/src/routes/internal/files.ts +0 -226
package/src/routes/internal/history.ts +0 -69
package/src/routes/internal/images.ts +0 -127
package/src/routes/internal/interactions.ts +0 -84
package/src/routes/internal/middleware.ts +0 -23
package/src/routes/internal/schedule.ts +0 -226
package/src/routes/internal/types.ts +0 -22
package/src/routes/openapi-auto.ts +0 -239
package/src/routes/public/agent-access.ts +0 -23
package/src/routes/public/agent-config.ts +0 -675
package/src/routes/public/agent-history.ts +0 -422
package/src/routes/public/agent-schedules.ts +0 -296
package/src/routes/public/agent.ts +0 -1086
package/src/routes/public/agents.ts +0 -373
package/src/routes/public/channels.ts +0 -191
package/src/routes/public/cli-auth.ts +0 -896
package/src/routes/public/connections.ts +0 -574
package/src/routes/public/landing.ts +0 -16
package/src/routes/public/oauth.ts +0 -147
package/src/routes/public/settings-auth.ts +0 -104
package/src/routes/public/slack.ts +0 -173
package/src/routes/shared/agent-ownership.ts +0 -101
package/src/routes/shared/token-verifier.ts +0 -34
package/src/services/bedrock-model-catalog.ts +0 -217
package/src/services/bedrock-openai-service.ts +0 -658
package/src/services/core-services.ts +0 -1072
package/src/services/image-generation-service.ts +0 -257
package/src/services/instruction-service.ts +0 -318
package/src/services/mcp-registry.ts +0 -94
package/src/services/platform-helpers.ts +0 -287
package/src/services/session-manager.ts +0 -262
package/src/services/settings-resolver.ts +0 -74
package/src/services/system-config-resolver.ts +0 -89
package/src/services/system-skills-service.ts +0 -229
package/src/services/transcription-service.ts +0 -684
package/src/session.ts +0 -110
package/src/spaces/index.ts +0 -1
package/src/spaces/space-resolver.ts +0 -17
package/src/stores/in-memory-agent-store.ts +0 -403
package/src/stores/redis-agent-store.ts +0 -279
package/src/utils/public-url.ts +0 -44
package/src/utils/rate-limiter.ts +0 -94
package/tsconfig.json +0 -33

package/src/__tests__/provider-inheritance.test.ts DELETED Viewed

@@ -1,212 +0,0 @@
-import { beforeEach, describe, expect, test } from "bun:test";
-import { MockRedisClient } from "@lobu/core/testing";
-import {
-  ProviderCatalogService,
-  resolveInstalledProviders,
-} from "../auth/provider-catalog";
-import { AgentSettingsStore } from "../auth/settings/agent-settings-store";
-import { AuthProfilesManager } from "../auth/settings/auth-profiles-manager";
-import {
-  canEditSettingsSection,
-  canViewSettingsSection,
-  resolveSettingsView,
-} from "../auth/settings/resolved-settings-view";
-import { buildDefaultSettingsFromSource } from "../auth/settings/template-utils";
-import { hasConfiguredProvider } from "../services/platform-helpers";
-describe("sandbox provider inheritance", () => {
-  let redis: MockRedisClient;
-  let store: AgentSettingsStore;
-  let authProfilesManager: AuthProfilesManager;
-  beforeEach(() => {
-    redis = new MockRedisClient();
-    store = new AgentSettingsStore(redis as any);
-    authProfilesManager = new AuthProfilesManager(store);
-  });
-  test("inherits installed providers through metadata and connection template fallback", async () => {
-    await store.saveSettings("template-agent", {
-      installedProviders: [{ providerId: "z-ai", installedAt: 1 }],
-    });
-    await redis.set(
-      "agent_metadata:telegram-6570514069",
-      JSON.stringify({ parentConnectionId: "conn-1" })
-    );
-    await redis.set(
-      "connection:conn-1",
-      JSON.stringify({ templateAgentId: "template-agent" })
-    );
-    const providers = await resolveInstalledProviders(
-      store,
-      "telegram-6570514069"
-    );
-    expect(providers).toEqual([{ providerId: "z-ai", installedAt: 1 }]);
-  });
-  test("inherits auth profiles through metadata and connection template fallback", async () => {
-    await store.saveSettings("template-agent", {
-      authProfiles: [
-        {
-          id: "profile-1",
-          provider: "z-ai",
-          credential: "secret",
-          authType: "api-key",
-          label: "z.ai",
-          model: "*",
-          createdAt: 1,
-        },
-      ],
-      installedProviders: [{ providerId: "z-ai", installedAt: 1 }],
-    });
-    await redis.set(
-      "agent_metadata:telegram-6570514069",
-      JSON.stringify({ parentConnectionId: "conn-1" })
-    );
-    await redis.set(
-      "connection:conn-1",
-      JSON.stringify({ templateAgentId: "template-agent" })
-    );
-    const profiles = await authProfilesManager.listProfiles(
-      "telegram-6570514069"
-    );
-    expect(profiles).toHaveLength(1);
-    expect(profiles[0]?.provider).toBe("z-ai");
-    expect(profiles[0]?.credential).toBe("secret");
-  });
-  test("inherits auth profiles for cloned sandbox settings that copied providers", async () => {
-    await store.saveSettings("template-agent", {
-      authProfiles: [
-        {
-          id: "profile-1",
-          provider: "z-ai",
-          credential: "secret",
-          authType: "api-key",
-          label: "z.ai",
-          model: "*",
-          createdAt: 1,
-        },
-      ],
-      installedProviders: [{ providerId: "z-ai", installedAt: 1 }],
-    });
-    const templateSettings = await store.getSettings("template-agent");
-    const cloned = buildDefaultSettingsFromSource(templateSettings);
-    cloned.templateAgentId = "template-agent";
-    await store.saveSettings("telegram-6570514069", cloned);
-    const effective = await store.getEffectiveSettings("telegram-6570514069");
-    const profiles = await authProfilesManager.listProfiles(
-      "telegram-6570514069"
-    );
-    expect(cloned.authProfiles).toBeUndefined();
-    expect(effective?.authProfiles).toHaveLength(1);
-    expect(profiles).toHaveLength(1);
-  });
-  test("treats cloned sandbox settings as configured when template provides credentials", async () => {
-    await store.saveSettings("template-agent", {
-      authProfiles: [
-        {
-          id: "profile-1",
-          provider: "z-ai",
-          credential: "secret",
-          authType: "api-key",
-          label: "z.ai",
-          model: "*",
-          createdAt: 1,
-        },
-      ],
-      installedProviders: [{ providerId: "z-ai", installedAt: 1 }],
-    });
-    const templateSettings = await store.getSettings("template-agent");
-    const cloned = buildDefaultSettingsFromSource(templateSettings);
-    cloned.templateAgentId = "template-agent";
-    await store.saveSettings("telegram-6570514069", cloned);
-    await expect(
-      hasConfiguredProvider("telegram-6570514069", store)
-    ).resolves.toBe(true);
-  });
-  test("exposes inherited provider state with read-only model visibility", async () => {
-    await store.saveSettings("template-agent", {
-      installedProviders: [{ providerId: "z-ai", installedAt: 1 }],
-    });
-    await redis.set(
-      "agent_metadata:telegram-6570514069",
-      JSON.stringify({ parentConnectionId: "conn-1" })
-    );
-    await redis.set(
-      "connection:conn-1",
-      JSON.stringify({ templateAgentId: "template-agent" })
-    );
-    const settingsView = await resolveSettingsView({
-      agentId: "telegram-6570514069",
-      agentSettingsStore: store,
-      viewer: {
-        settingsMode: "user",
-        allowedScopes: ["view-model"],
-        isAdmin: false,
-      },
-    });
-    expect(
-      canViewSettingsSection("model", {
-        settingsMode: "user",
-        allowedScopes: ["view-model"],
-        isAdmin: false,
-      })
-    ).toBe(true);
-    expect(
-      canEditSettingsSection("model", {
-        settingsMode: "user",
-        allowedScopes: ["view-model"],
-        isAdmin: false,
-      })
-    ).toBe(false);
-    expect(settingsView.scope).toBe("sandbox");
-    expect(settingsView.sections.model.source).toBe("inherited");
-    expect(settingsView.sections.model.editable).toBe(false);
-    expect(settingsView.providerSources["z-ai"]?.source).toBe("inherited");
-    expect(settingsView.providerSources["z-ai"]?.canEdit).toBe(false);
-  });
-  test("uninstalling an inherited sandbox provider writes a local override list", async () => {
-    await store.saveSettings("template-agent", {
-      installedProviders: [
-        { providerId: "z-ai", installedAt: 1 },
-        { providerId: "openai", installedAt: 2 },
-      ],
-    });
-    await redis.set(
-      "agent_metadata:telegram-6570514069",
-      JSON.stringify({ parentConnectionId: "conn-1" })
-    );
-    await redis.set(
-      "connection:conn-1",
-      JSON.stringify({ templateAgentId: "template-agent" })
-    );
-    const catalog = new ProviderCatalogService(store, authProfilesManager);
-    await catalog.uninstallProvider("telegram-6570514069", "z-ai");
-    const local = await store.getSettings("telegram-6570514069");
-    const effective = await store.getEffectiveSettings("telegram-6570514069");
-    expect(local?.installedProviders).toEqual([
-      { providerId: "openai", installedAt: 2 },
-    ]);
-    expect(effective?.installedProviders).toEqual([
-      { providerId: "openai", installedAt: 2 },
-    ]);
-  });
-});

package/src/__tests__/routes/cli-auth.test.ts DELETED Viewed

@@ -1,337 +0,0 @@
-import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
-import { decrypt } from "@lobu/core";
-import { MockRedisClient } from "../../../../core/src/__tests__/fixtures/mock-redis";
-import {
-  createCliAuthRoutes,
-  createConnectAuthRoutes,
-} from "../../routes/public/cli-auth";
-describe("cli auth routes", () => {
-  let originalKey: string | undefined;
-  let redis: MockRedisClient;
-  let queue: { getRedisClient(): MockRedisClient };
-  beforeEach(() => {
-    mock.restore();
-    originalKey = process.env.ENCRYPTION_KEY;
-    process.env.ENCRYPTION_KEY =
-      "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
-    redis = new MockRedisClient();
-    queue = {
-      getRedisClient: () => redis,
-    };
-  });
-  afterEach(() => {
-    if (originalKey !== undefined) {
-      process.env.ENCRYPTION_KEY = originalKey;
-    } else {
-      delete process.env.ENCRYPTION_KEY;
-    }
-  });
-  test("POST /cli/start returns device mode when the external provider supports device auth", async () => {
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {
-        getCapabilities: mock(async () => ({ browser: true, device: true })),
-        startDeviceAuthorization: mock(async () => ({
-          deviceAuthId: "device-123",
-          userCode: "ABCD-EFGH",
-          verificationUri: "https://issuer.example.com/device",
-          verificationUriComplete:
-            "https://issuer.example.com/device?user_code=ABCD-EFGH",
-          interval: 5,
-          expiresIn: 600,
-        })),
-      } as any,
-    });
-    const res = await router.request("/cli/start", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-    });
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.mode).toBe("device");
-    expect(body.deviceAuthId).toBe("device-123");
-    expect(body.userCode).toBe("ABCD-EFGH");
-  });
-  test("POST /cli/start falls back to browser mode when device auth is unavailable", async () => {
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {
-        getCapabilities: mock(async () => ({ browser: true, device: false })),
-      } as any,
-    });
-    const res = await router.request("https://gateway.example.com/cli/start", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-    });
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.mode).toBe("browser");
-    expect(typeof body.requestId).toBe("string");
-    expect(body.loginUrl).toContain("/api/v1/auth/cli/session/login?request=");
-  });
-  test("GET /connect/oauth/login redirects into external browser auth", async () => {
-    const router = createConnectAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {
-        generateCodeVerifier: () => "code-verifier",
-        buildAuthUrl: mock(async (state: string, codeVerifier: string) => {
-          expect(state).toBeTruthy();
-          expect(codeVerifier).toBe("code-verifier");
-          return "https://issuer.example.com/oauth/authorize";
-        }),
-      } as any,
-    });
-    const res = await router.request(
-      "https://gateway.example.com/connect/oauth/login?returnUrl=%2Fdone"
-    );
-    expect(res.status).toBe(302);
-    expect(res.headers.get("location")).toBe(
-      "https://issuer.example.com/oauth/authorize"
-    );
-  });
-  test("GET /connect/oauth/callback sets a settings session and redirects back", async () => {
-    await redis.setex(
-      "cli:auth:connect:state-123",
-      600,
-      JSON.stringify({
-        returnUrl: "/done",
-        codeVerifier: "code-verifier",
-      })
-    );
-    const router = createConnectAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {
-        exchangeCodeForToken: mock(async () => ({
-          accessToken: "provider-access-token",
-          refreshToken: "provider-refresh-token",
-          tokenType: "Bearer",
-          expiresAt: Date.now() + 3600_000,
-          scopes: ["profile:read"],
-        })),
-        fetchUserInfo: mock(async () => ({
-          sub: "user-123",
-          email: "user@example.com",
-          name: "Example User",
-        })),
-      } as any,
-    });
-    const res = await router.request(
-      "https://gateway.example.com/connect/oauth/callback?code=auth-code&state=state-123"
-    );
-    expect(res.status).toBe(302);
-    expect(res.headers.get("location")).toBe("/done");
-    expect(res.headers.get("set-cookie")).toContain("lobu_settings_session=");
-    const setCookie = res.headers.get("set-cookie");
-    const token = setCookie?.match(/lobu_settings_session=([^;]+)/)?.[1];
-    expect(token).toBeTruthy();
-    const payload = JSON.parse(decrypt(decodeURIComponent(token!))) as Record<
-      string,
-      unknown
-    >;
-    expect(payload.userId).toBe("user-123");
-    expect(payload.platform).toBe("external");
-    expect(payload.isAdmin).toBeUndefined();
-    expect(payload.settingsMode).toBeUndefined();
-  });
-  test("POST /cli/poll mints Lobu tokens after device auth completes", async () => {
-    await redis.setex(
-      "cli:auth:device:device-123",
-      600,
-      JSON.stringify({
-        status: "pending",
-        createdAt: Date.now(),
-        expiresAt: Date.now() + 600_000,
-        interval: 5,
-        userCode: "ABCD-EFGH",
-        verificationUri: "https://issuer.example.com/device",
-      })
-    );
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {
-        pollDeviceAuthorization: mock(async () => ({
-          status: "complete",
-          credentials: {
-            accessToken: "provider-access-token",
-            refreshToken: "provider-refresh-token",
-            tokenType: "Bearer",
-            expiresAt: Date.now() + 3600_000,
-            scopes: ["profile:read"],
-          },
-          user: {
-            sub: "user-123",
-            email: "user@example.com",
-            name: "Example User",
-          },
-        })),
-      } as any,
-    });
-    const res = await router.request("/cli/poll", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ deviceAuthId: "device-123" }),
-    });
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.status).toBe("complete");
-    expect(typeof body.accessToken).toBe("string");
-    expect(typeof body.refreshToken).toBe("string");
-    expect(body.user.userId).toBe("user-123");
-    expect(body.user.email).toBe("user@example.com");
-  });
-  test("POST /cli/poll returns a completed browser result from stored request state", async () => {
-    await redis.setex(
-      "cli:auth:request:req-123",
-      600,
-      JSON.stringify({
-        status: "complete",
-        createdAt: Date.now(),
-        result: {
-          accessToken: "lobu-access-token",
-          refreshToken: "lobu-refresh-token",
-          expiresAt: Date.now() + 3600_000,
-          user: {
-            userId: "user-123",
-            email: "user@example.com",
-            name: "Example User",
-          },
-        },
-      })
-    );
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      externalAuthClient: {} as any,
-    });
-    const res = await router.request("/cli/poll", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ requestId: "req-123" }),
-    });
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.status).toBe("complete");
-    expect(body.user.userId).toBe("user-123");
-  });
-  test("POST /cli/admin-login mints tokens when development fallback is enabled", async () => {
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      allowAdminPasswordLogin: true,
-      adminPassword: "dev-secret",
-    });
-    const res = await router.request("/cli/admin-login", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "X-Forwarded-For": "10.0.0.1",
-      },
-      body: JSON.stringify({ password: "dev-secret" }),
-    });
-    expect(res.status).toBe(200);
-    const body = await res.json();
-    expect(body.status).toBe("complete");
-    expect(typeof body.accessToken).toBe("string");
-    expect(body.user.userId).toBe("admin");
-  });
-  test("POST /cli/admin-login is rejected when disabled or password is wrong", async () => {
-    const disabledRouter = createCliAuthRoutes({
-      queue: queue as any,
-      allowAdminPasswordLogin: false,
-      adminPassword: "dev-secret",
-    });
-    const disabled = await disabledRouter.request("/cli/admin-login", {
-      method: "POST",
-      headers: { "Content-Type": "application/json" },
-      body: JSON.stringify({ password: "dev-secret" }),
-    });
-    expect(disabled.status).toBe(403);
-    const enabledRouter = createCliAuthRoutes({
-      queue: queue as any,
-      allowAdminPasswordLogin: true,
-      adminPassword: "dev-secret",
-    });
-    const wrong = await enabledRouter.request("/cli/admin-login", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "X-Forwarded-For": "10.0.0.1",
-      },
-      body: JSON.stringify({ password: "wrong-secret" }),
-    });
-    expect(wrong.status).toBe(401);
-  });
-  test("POST /cli/admin-login is rate limited per client IP", async () => {
-    const router = createCliAuthRoutes({
-      queue: queue as any,
-      allowAdminPasswordLogin: true,
-      adminPassword: "dev-secret",
-    });
-    for (let attempt = 0; attempt < 5; attempt += 1) {
-      const res = await router.request("/cli/admin-login", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          "X-Forwarded-For": "10.0.0.9",
-        },
-        body: JSON.stringify({ password: "wrong-secret" }),
-      });
-      expect(res.status).toBe(401);
-    }
-    const limited = await router.request("/cli/admin-login", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "X-Forwarded-For": "10.0.0.9",
-      },
-      body: JSON.stringify({ password: "wrong-secret" }),
-    });
-    expect(limited.status).toBe(429);
-    expect(limited.headers.get("retry-after")).toBeTruthy();
-    const differentIp = await router.request("/cli/admin-login", {
-      method: "POST",
-      headers: {
-        "Content-Type": "application/json",
-        "X-Forwarded-For": "10.0.0.10",
-      },
-      body: JSON.stringify({ password: "dev-secret" }),
-    });
-    expect(differentIp.status).toBe(200);
-  });
-});

package/src/__tests__/routes/interactions.test.ts DELETED Viewed

@@ -1,121 +0,0 @@
-import { afterEach, beforeEach, describe, expect, mock, test } from "bun:test";
-import { generateWorkerToken } from "@lobu/core";
-import { createInteractionRoutes } from "../../routes/internal/interactions";
-describe("interaction routes", () => {
-  let originalKey: string | undefined;
-  let workerToken: string;
-  let mockInteractionService: any;
-  let router: ReturnType<typeof createInteractionRoutes>;
-  beforeEach(() => {
-    originalKey = process.env.ENCRYPTION_KEY;
-    process.env.ENCRYPTION_KEY =
-      "0123456789abcdef0123456789abcdef0123456789abcdef0123456789abcdef";
-    workerToken = generateWorkerToken("user-1", "conv-1", "deploy-1", {
-      channelId: "chan-1",
-      teamId: "team-1",
-    });
-    mockInteractionService = {
-      postQuestion: mock(() => Promise.resolve({ id: "interaction-123" })),
-      createSuggestion: mock(() => Promise.resolve()),
-    };
-    router = createInteractionRoutes(mockInteractionService);
-  });
-  afterEach(() => {
-    if (originalKey !== undefined) {
-      process.env.ENCRYPTION_KEY = originalKey;
-    } else {
-      delete process.env.ENCRYPTION_KEY;
-    }
-  });
-  describe("POST /internal/interactions/create", () => {
-    test("returns 401 without auth header", async () => {
-      const res = await router.request("/internal/interactions/create", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ question: "test?", options: [] }),
-      });
-      expect(res.status).toBe(401);
-    });
-    test("returns 401 with invalid token", async () => {
-      const res = await router.request("/internal/interactions/create", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: "Bearer invalid-token",
-        },
-        body: JSON.stringify({ question: "test?", options: [] }),
-      });
-      expect(res.status).toBe(401);
-    });
-    test("posts question and returns id", async () => {
-      const res = await router.request("/internal/interactions/create", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${workerToken}`,
-        },
-        body: JSON.stringify({
-          question: "Which option?",
-          options: ["A", "B"],
-        }),
-      });
-      expect(res.status).toBe(200);
-      const body = await res.json();
-      expect(body.id).toBe("interaction-123");
-      expect(body.status).toBe("posted");
-      expect(mockInteractionService.postQuestion).toHaveBeenCalledTimes(1);
-    });
-    test("returns 500 on service error", async () => {
-      mockInteractionService.postQuestion = mock(() =>
-        Promise.reject(new Error("service down"))
-      );
-      const res = await router.request("/internal/interactions/create", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${workerToken}`,
-        },
-        body: JSON.stringify({ question: "test?", options: [] }),
-      });
-      expect(res.status).toBe(500);
-    });
-  });
-  describe("POST /internal/suggestions/create", () => {
-    test("creates suggestions", async () => {
-      const res = await router.request("/internal/suggestions/create", {
-        method: "POST",
-        headers: {
-          "Content-Type": "application/json",
-          Authorization: `Bearer ${workerToken}`,
-        },
-        body: JSON.stringify({
-          prompts: ["Try this", "Or this"],
-        }),
-      });
-      expect(res.status).toBe(200);
-      const body = await res.json();
-      expect(body.success).toBe(true);
-      expect(mockInteractionService.createSuggestion).toHaveBeenCalledTimes(1);
-    });
-    test("returns 401 without auth", async () => {
-      const res = await router.request("/internal/suggestions/create", {
-        method: "POST",
-        headers: { "Content-Type": "application/json" },
-        body: JSON.stringify({ prompts: ["test"] }),
-      });
-      expect(res.status).toBe(401);
-    });
-  });
-});